nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-05 19:23:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security - Use POST method instead of GET for deleting groups (#7495)

Browse Source 
* Security - Use POST method instead of GET for deleting groups

* Update menu_item_edit.php

* Update dashboard_edit.php

* Update device_vendor_function_edit.php

* Update device_vendor_function_edit.php

* Update dashboard_edit.php
This commit is contained in:
Alex
2025-09-22 09:46:21 -06:00
committed by GitHub
parent 61484998ab
commit b529c713d5
4 changed files with 114 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
app/devices/device_vendor_function_edit.php
View File

@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2016-2024
Portions created by the Initial Developer are Copyright (C) 2016-2025
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -34,33 +34,6 @@
//set the defaults
$device_vendor_function_uuid = '';
//delete the group from the menu item
if (!empty($_REQUEST["a"]) && $_REQUEST["a"] == "delete" && permission_exists("device_vendor_function_delete") && !empty($_REQUEST["id"])) {
//get the id
$device_vendor_function_group_uuid = $_REQUEST["id"];
$device_vendor_function_uuid = $_REQUEST["device_vendor_function_uuid"];
$device_vendor_uuid = $_REQUEST["device_vendor_uuid"];
//delete the device vendor function group
$array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
$p = permissions::new();
$p->add('device_vendor_function_group_delete', 'temp');
$database = new database;
$database->app_name = 'devices';
$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
$database->delete($array);
unset($array);
$p->delete('device_vendor_function_group_delete', 'temp');
//redirect the browser
message::add($text['message-delete'] ?? '');
header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
exit;
}
//check permissions
require_once "resources/check_auth.php";
if (permission_exists('device_vendor_function_add') || permission_exists('device_vendor_function_edit')) {
@@ -99,6 +72,33 @@
$description = $_POST["description"];
}
//delete the group from the sub table
if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("device_vendor_function_group_delete") && is_uuid($_POST["device_vendor_function_group_uuid"])) {
//get the uuid
$device_vendor_function_group_uuid = $_POST["device_vendor_function_group_uuid"];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: devices.php');
exit;
}
//delete the device vendor function group
$array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
$database = new database;
$database->app_name = 'devices';
$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
$database->delete($array);
unset($array);
//redirect the user
message::add($text['message-delete'] ?? '');
header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
exit;
}
//process the http variables
if (count($_POST) > 0 && empty($_POST["persistformvar"])) {
@@ -328,18 +328,25 @@
echo " <td class='vtable'>";
if (is_array($function_groups) && @sizeof($function_groups) != 0) {
echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
if (permission_exists('device_vendor_function_group_delete')) {
echo " <input type='hidden' id='action' name='action' value=''>\n";
echo " <input type='hidden' id='device_vendor_function_group_uuid' name='device_vendor_function_group_uuid' value=''>\n";
}
$x = 0;
foreach ($function_groups as $field) {
if (!empty($field['group_name'])) {
echo "<tr>\n";
echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>";
echo $field['group_name'].(($field['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null);
echo " </td>\n";
if (permission_exists('group_member_delete') || if_group("superadmin")) {
if (permission_exists('device_vendor_function_group_delete')) {
echo " <td class='list_control_icons' style='width: 25px;'>";
echo "<a href='device_vendor_function_edit.php?id=".$field['device_vendor_function_group_uuid']."&group_uuid=".$field['group_uuid']."&device_vendor_function_uuid=".$device_vendor_function_uuid."&device_vendor_uuid=".$device_vendor_uuid."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]);
echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('device_vendor_function_group_uuid').value = '".escape($field['device_vendor_function_group_uuid'])."'; list_form_submit('frm');"])]);
echo " </td>";
}
echo "</tr>\n";
$x++;
}
}
echo "</table>\n";

28
core/dashboard/dashboard_edit.php
View File

@@ -160,16 +160,25 @@
}
//delete the group from the sub table
if (isset($_REQUEST["a"]) && $_REQUEST["a"] == "delete" && permission_exists("dashboard_group_delete") && is_uuid($_GET["dashboard_group_uuid"]) && is_uuid($_GET["dashboard_uuid"])) {
if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("dashboard_group_delete") && is_uuid($_POST["dashboard_group_uuid"]) && is_uuid($_POST["dashboard_uuid"])) {
//get the uuid
$dashboard_group_uuid = $_GET["dashboard_group_uuid"];
$dashboard_uuid = $_GET["dashboard_uuid"];
//delete the group from the users
$dashboard_group_uuid = $_POST['dashboard_group_uuid'];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: dashboard.php');
exit;
}
//delete the group from the widget
$array['dashboard_groups'][0]['dashboard_group_uuid'] = $dashboard_group_uuid;
$database->app_name = 'dashboard';
$database->app_uuid = '55533bef-4f04-434a-92af-999c1e9927f7';
$database->delete($array);
unset($array);
//redirect the user
message::add($text['message-delete']);
header("Location: dashboard_edit.php?id=".urlencode($dashboard_uuid));
@@ -788,18 +797,25 @@
echo "<td class='vtable' style='position: relative;' align='left'>\n";
if (is_array($dashboard_groups) && sizeof($dashboard_groups) != 0) {
echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
if (permission_exists('dashboard_group_delete')) {
echo " <input type='hidden' id='action' name='action' value=''>\n";
echo " <input type='hidden' id='dashboard_group_uuid' name='dashboard_group_uuid' value=''>\n";
}
$x = 0;
foreach($dashboard_groups as $field) {
if (!empty($field['group_name'])) {
echo "<tr>\n";
echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>\n";
echo $field['group_name'].((!empty($field['domain_uuid'])) ? "@".$_SESSION['domains'][$field['domain_uuid']]['domain_name'] : null);
echo " </td>\n";
if (permission_exists('dashboard_group_delete') || if_group("superadmin")) {
if (permission_exists('dashboard_group_delete')) {
echo " <td class='list_control_icons' style='width: 25px;'>\n";
echo "<a href='dashboard_edit.php?id=".escape($field['dashboard_group_uuid'])."&dashboard_group_uuid=".escape($field['dashboard_group_uuid'])."&dashboard_uuid=".escape($dashboard_uuid)."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>\n";
echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]);
echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('dashboard_group_uuid').value = '".escape($field['dashboard_group_uuid'])."'; list_form_submit('frm');"])]);
echo " </td>\n";
}
echo "</tr>\n";
$x++;
}
}
echo "</table>\n";

44
core/menu/menu_item_edit.php
View File

@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2024
Portions created by the Initial Developer are Copyright (C) 2008-2025
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -72,18 +72,29 @@
}
//delete the group from the menu item
if ($action == "delete" && permission_exists("menu_delete") && is_uuid($menu_item_group_uuid)) {
//delete the group from the users
$array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid;
$database->app_name = 'menu';
$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
$database->delete($array);
unset($array);
if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("menu_item_group_delete") && is_uuid($_POST["menu_item_group_uuid"])) {
//get the uuid
$menu_item_group_uuid = $_POST['menu_item_group_uuid'];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: menu.php');
exit;
}
//delete the group from the menu item
$array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid;
$database->app_name = 'menu';
$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
$database->delete($array);
unset($array);
//redirect the browser
message::add($text['message-delete']);
header("Location: menu_item_edit.php?id=".urlencode($menu_uuid)."&menu_item_uuid=".urlencode($menu_item_uuid)."&menu_uuid=".urlencode($menu_uuid));
return;
message::add($text['message-delete']);
header("Location: menu_item_edit.php?id=".urlencode($menu_uuid)."&menu_item_uuid=".urlencode($menu_item_uuid)."&menu_uuid=".urlencode($menu_uuid));
return;
}
//action add or update
@@ -502,18 +513,25 @@
echo " <td class='vtable'>";
if (!empty($menu_item_groups) && sizeof($menu_item_groups) != 0) {
echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
if (permission_exists('menu_item_group_delete')) {
echo "<input type='hidden' id='action' name='action' value=''>\n";
echo "<input type='hidden' id='menu_item_group_uuid' name='menu_item_group_uuid' value=''>\n";
}
$x = 0;
foreach($menu_item_groups as $field) {
if (!empty($field['group_name'])) {
echo "<tr>\n";
echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>";
echo $field['group_name'].((!empty($field['group_domain_uuid'])) ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null);
echo " </td>\n";
if (permission_exists('group_member_delete') || if_group("superadmin")) {
if (permission_exists('menu_item_group_delete')) {
echo " <td class='list_control_icons' style='width: 25px;'>";
echo "<a href='menu_item_edit.php?id=".escape($field['menu_uuid'])."&menu_item_group_uuid=".escape($field['menu_item_group_uuid'])."&menu_item_uuid=".escape($menu_item_uuid)."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]);
echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('menu_item_group_uuid').value = '".escape($field['menu_item_group_uuid'])."'; list_form_submit('frm');"])]);
echo " </td>";
}
echo "</tr>\n";
$x++;
}
}
echo "</table>\n";

38
core/users/user_edit.php
View File

@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2024
Portions created by the Initial Developer are Copyright (C) 2008-2025
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -81,23 +81,26 @@
}
//delete the group from the user
if (!empty($_GET["a"]) && $_GET["a"] == "delete" && is_uuid($_GET["group_uuid"]) && is_uuid($user_uuid) && permission_exists("user_delete")) {
//set the variables
$group_uuid = $_GET["group_uuid"];
//delete the group from the users
if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("user_group_delete") && is_uuid($_POST["group_uuid"]) && is_uuid($user_uuid)) {
//get the uuid
$group_uuid = $_POST['group_uuid'];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header("Location: users.php");
exit;
}
//delete the group from the user
$array['user_groups'][0]['group_uuid'] = $group_uuid;
$array['user_groups'][0]['user_uuid'] = $user_uuid;
$p = permissions::new();
$p->add('user_group_delete', 'temp');
$database->delete($array);
unset($array);
$p->delete('user_group_delete', 'temp');
//redirect the user
message::add($text['message-update']);
message::add($text['message-delete']);
header("Location: user_edit.php?id=".urlencode($user_uuid));
exit;
}
@@ -992,15 +995,21 @@
$user_groups = $database->select($sql, $parameters, 'all');
if (is_array($user_groups)) {
echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
if (permission_exists('user_group_delete')) {
echo " <input type='hidden' id='action' name='action' value=''>\n";
echo " <input type='hidden' id='group_uuid' name='group_uuid' value=''>\n";
}
$x = 0;
foreach($user_groups as $field) {
if (!empty($field['group_name'])) {
echo "<tr>\n";
echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>";
echo escape($field['group_name']).((!empty($field['group_domain_uuid'])) ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null);
echo " </td>\n";
if (permission_exists('user_group_delete') || if_group("superadmin")) {
if (permission_exists('user_group_delete')) {
echo " <td class='list_control_icons' style='width: 25px;'>\n";
echo " <a href='user_edit.php?id=".urlencode($user_uuid)."&domain_uuid=".urlencode($domain_uuid)."&group_uuid=".urlencode($field['group_uuid'])."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>\n";
echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]);
echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('group_uuid').value = '".escape($field['group_uuid'])."'; list_form_submit('frm');"])]);
echo " </td>\n";
}
echo "</tr>\n";
@@ -1008,6 +1017,7 @@
$assigned_groups[] = $field['group_uuid'];
}
}
$x++;
}
echo "</table>\n";
}